[Bug 953171] Re: Please fix CVE-2012-0864 in precise
Steve Beattie
sbeattie at ubuntu.com
Mon Mar 12 18:03:46 UTC 2012
For the record, bzr reports the packaging branch for eglibc is out of
date. Here is a debdiff to fix this issue and bug 901716. Confirmed to
build on precise/amd64.
** Patch added: "eglibc_2.15-0ubuntu6.debdiff"
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/953171/+attachment/2857516/+files/eglibc_2.15-0ubuntu6.debdiff
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/953171
Title:
Please fix CVE-2012-0864 in precise
Status in “eglibc” package in Ubuntu:
New
Bug description:
CVE-2012-0864 was addressed in 1396-1 for releases prior to precise,
but still needs to be addressed in precise.
From the USN text:
It was discovered that the GNU C Library vfprintf() implementation
contained a possible integer overflow in the format string protection
code offered by FORTIFY_SOURCE. An attacker could use this flaw in
conjunction with a format string vulnerability to bypass the format
string protection and possibly execute arbitrary code.
Upstream commit is http://sourceware.org/git/?p=glibc.git;a=commit;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e
(debdiff forthcoming)